cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

CF9 Encrypt with AES 256-bit, example anyone?

Pawel__Paul__Barnas
New Here ,
Oct 24, 2012 Oct 24, 2012

Copy link to clipboard

Copied

Hi there. I'm looking for a working example of  the Encrypt method using the AES 256 bit key.  I think that I have the Unlimited Strength Jurisdiction Policy Files enabled.  And I'm still getting the CFError,

The key specified is not a valid key for this encryption: Illegal key size. 

Now i hit the wall, can't get it.  What wrong am i doing?  How can I verify that the policy files are installed and accessible to my cf file?  Any help is greatly appreciated.

<cfset thePlainText  = "Is this working for me?" />

Generate Secret Key (128):  <cfset AES128 = "#generatesecretkey('AES',128)#" /> <cfdump var="#AES128#"><BR>
Generate Secret Key (192):  <cfset AES192 = "#generatesecretkey('AES',192)#" /> <cfdump var="#AES192#"><BR>
Generate Secret Key (256):  <cfset AES256 = "#generatesecretkey('AES',256)#" /> <cfdump var="#AES256#"><BR><BR>

<cfset theKey    = AES256 />
<cfset theAlgorithm  = "AES/CBC/PKCS5Padding" />
<cfset theEncoding  = "base64" />
<cfset theIV    = BinaryDecode("6d795465737449566f7253616c7431323538704c6173745f", "hex") />

<cfset encryptedString = encrypt(thePlainText, theKey, theAlgorithm, theEncoding, theIV) />

<!--- Display results --->
<cfset keyLengthInBits  = arrayLen(BinaryDecode(theKey, "base64")) * 8 />
<cfset ivLengthInBits  = arrayLen(theIV) * 8 />
<cfdump var="#variables#" label="AES/CBC/PKCS5Padding Results" />


<cfabort>

Views

3.2K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

12Robots
Advocate , Oct 24, 2012 Oct 24, 2012

You probably do not have the unlimited jurisdiction policy files in the right place.

It is very common for admins to think that the new policy files go in the usual <cfusion>/lib directory. But they actual go in the <cfusion>/jre/security/lib directory (unless you're on a Mac, then they go in JAVA_HOME/security/lib).

You also need to restart once you get the policy files in place.

I tested your script on my local machine, which does have the unlimited strength policy and it worked fine.

Jason

Votes

Translate

Translate
replies 5 Replies 5
latest latest Jump to latest reply
12Robots
Advocate ,
Oct 24, 2012 Oct 24, 2012

Copy link to clipboard

Copied

You probably do not have the unlimited jurisdiction policy files in the right place.

It is very common for admins to think that the new policy files go in the usual <cfusion>/lib directory. But they actual go in the <cfusion>/jre/security/lib directory (unless you're on a Mac, then they go in JAVA_HOME/security/lib).

You also need to restart once you get the policy files in place.

I tested your script on my local machine, which does have the unlimited strength policy and it worked fine.

Jason

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Pawel__Paul__Barnas
New Here ,
Oct 28, 2012 Oct 28, 2012

Copy link to clipboard

Copied

In Response To 12Robots

Jason, one more quick question.  I have installed CF10 developers version server.  The v10 structure is a bit different from v9.  For example the Policy 6 files for the AES 256 encryption are found in \\ColdFusion10\jre\lib\security.  So, when I run my code i keep getting the

The key specified is not a valid key for this encryption: Illegal key size.

What would be the solution here?  How come the version 10 of the server has it differently than version 9?  Any "enlightment" is greatly appreciated.

Paul

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
12Robots
Advocate ,
Oct 29, 2012 Oct 29, 2012

Copy link to clipboard

Copied

LATEST
In Response To Pawel__Paul__Barnas

Verison 10 is different from 9 because they run on different servlet containers. CF 10 uses Tomcat, CF 9 uses JRun, so things are in different places.

\\ColdFusion10\jre\lib\security seems like the correct locaiton for the policy files to me. I actually gave you the wrong locations in my original post (sorry about that).  According to the installation instructions they belong in <java-home>\lib\security, which is looks like you've found.

So something else is wrong. Here are some things to look at, in no particular order:

1. Are you using a JVM other than the Java 1.6 that comes with CF10?

2. Did you restart Tomcat after coping the files in?

3. Note that I keep saying FILES, did you copy BOTH of th .jar files from the JCE folder you unzipped into the security directory.  It should have prompted you to overwrite existing files.

4. Did you try unzipping the files and copying them in again, on the chance that they did not overwrite the originals?

Sorry, I don't have CF10 installed to give this a try. But I have no reason to believe that it would not work in 10. It's all just JCA/JCE on the underlying JAVA, and I have heard no reports from anyone else that it doesn't work.

Jason

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
12Robots
Advocate ,
Oct 24, 2012 Oct 24, 2012

Copy link to clipboard

Copied

Oh, and your IV is too long. Shorten it by 16 charatcers. It should only be 128-bit, not 192-bit.

Jason

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Pawel__Paul__Barnas
New Here ,
Oct 24, 2012 Oct 24, 2012

Copy link to clipboard

Copied

In Response To 12Robots

Thanks Jason. I was hoping that you would see this and reply to me.  I saw many of your posts and your expertise as well as willingness to help others is greatly appreciated. I will apply your suggestions and post my results later. Thanks, Paul B.

UPDATE:

Jason,  it works fantastic.  My files where in ther correct directory... I somehow didn't connect that the IV length is 192. And I red your post that explains the IV length ( http://forums.adobe.com/message/4545840#4545840 ) . Thank you Jason.

Paul

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices